Update build.yml #40

Workflow file for this run

	---
	name: build-ublue-custom
	on:
	pull_request:
	branches:
	- main
	schedule:
	- cron: '05 10 * * 1'
	push:
	branches:
	- main
	paths-ignore:
	- '**/README.md'

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref \|\| github.run_id }}-iso
	cancel-in-progress: true

	env:
	MY_IMAGE_NAME: "${{ github.event.repository.name }}" # the name of the image produced by this build, matches repo names
	MY_IMAGE_DESC: "A custom image designed for school and work environments"
	IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}" # do not edit

	jobs:
	build_push:
	name: Build and push image
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write
	id-token: write

	steps:
	# Checkout push-to-registry action GitHub repository
	- name: Checkout Push to Registry action
	uses: actions/checkout@v4

	- name: Set Image Tag
	id: generate-tag
	shell: bash
	run: \|
	if [[ "${{ env.IS_LATEST_VERSION }}" == "true" ]]; then
	TAG="latest"
	elif [[ "${{ env.IS_GTS_VERSION }}" == "true" ]]; then
	TAG="gts"
	fi

	if [[ "${{ github.ref_name }}" == "testing" ]]; then
	if [[ "${{ env.IS_GTS_VERSION }}" == "true" ]]; then
	TAG="gts-testing"
	elif [[ "${{ env.IS_LATEST_VERSION }}" == "true" ]]; then
	TAG="testing"
	fi
	fi

	# Would like to implement in the future. This will allow us to support image tags from a PR.
	#if [[ github.event.number ]]; then
	# TAG="pr-${{ github.event.number }}-${{ matrix.fedora_version }}"
	#fi

	echo "tag=${TAG}" >> $GITHUB_OUTPUT

	# Build metadata
	- name: Image Metadata
	uses: docker/metadata-action@v5
	id: meta
	with:
	images: \|
	${{ env.MY_IMAGE_NAME }}

	labels: \|
	io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository }}/main/README.md
	org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
	org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }}

	# Build image using Buildah action
	- name: Build Image
	id: build_image
	uses: redhat-actions/buildah-build@v2
	with:
	containerfiles: \|
	./Containerfile
	# Postfix image name with -custom to make it a little more descriptive
	# Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format
	image: ${{ env.MY_IMAGE_NAME }}
	tags: \|
	${{ steps.generate-tags.outputs.alias_tags }}
	labels: ${{ steps.meta.outputs.labels }}
	oci: false

	# Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
	# https://github.com/macbre/push-to-ghcr/issues/12
	- name: Lowercase Registry
	id: registry_case
	uses: ASzc/change-string-case-action@v6
	with:
	string: ${{ env.IMAGE_REGISTRY }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Push Image to GHCR
	uses: redhat-actions/push-to-registry@v2
	id: push
	env:
	REGISTRY_USER: ${{ github.actor }}
	REGISTRY_PASSWORD: ${{ github.token }}
	with:
	image: ${{ steps.build_image.outputs.image }}
	tags: ${{ steps.build_image.outputs.tags }}
	registry: ${{ steps.registry_case.outputs.lowercase }}
	username: ${{ env.REGISTRY_USER }}
	password: ${{ env.REGISTRY_PASSWORD }}
	extra-args: \|
	--disable-content-trust

	# This section is optional and only needs to be enabled in you plan on distributing
	# your project to others to consume. You will need to create a public and private key
	# using Cosign and save the private key as a repository secret in Github for this workflow
	# to consume. For more details, review the image signing section of the README.

	# Sign container
	- uses: sigstore/[email protected]
	if: github.event_name != 'pull_request'

	- name: Sign container image
	if: github.event_name != 'pull_request'
	run: \|
	cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
	env:
	TAGS: ${{ steps.push.outputs.digest }}
	COSIGN_EXPERIMENTAL: false
	COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

	- name: Build ISOs
	uses: jasonn3/[email protected]
	id: build
	with:
	arch: x86_64
	image_name: ${{ env.IMAGE_NAME }}
	image_repo: ghcr.io/projm-dev-team
	image_tag: ${{ steps.generate-tag.outputs.tag }}
	secure_boot_key_url: 'https://github.com/ublue-os/akmods/raw/main/certs/public_key.der'
	enrollment_password: 'ublue-os'
	iso_name: ${{ env.IMAGE_NAME }}-${{ steps.generate-tag.outputs.tag }}.iso
	enable_cache_dnf: "false"
	enable_cache_skopeo: "false"

	- name: Move ISOs to Upload Directory
	id: upload-directory
	shell: bash
	run: \|
	ISO_UPLOAD_DIR=${{ github.workspace }}/upload
	mkdir ${ISO_UPLOAD_DIR}
	mv ${{ steps.build.outputs.iso_path }}/${{ steps.build.outputs.iso_name }} ${ISO_UPLOAD_DIR}
	mv ${{ steps.build.outputs.iso_path }}/${{ steps.build.outputs.iso_name }}-CHECKSUM ${ISO_UPLOAD_DIR}
	echo "iso-upload-dir=${ISO_UPLOAD_DIR}" >> $GITHUB_OUTPUT

	- name: Upload ISOs and Checksum to Job Artifacts
	if: github.ref_name == 'testing'
	#if: github.event_name == 'pull_request'
	uses: actions/upload-artifact@v4
	with:
	name: ${{ steps.build.outputs.iso_name }}
	path: ${{ steps.upload-directory.outputs.iso-upload-dir }}
	if-no-files-found: error
	retention-days: 0
	compression-level: 0
	overwrite: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update build.yml #40

Workflow file

Update build.yml #40

Jobs

Run details

Workflow file for this run